Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?
- A. E-discovery
- B. Review analysis
- C. Information governance
- D. Chain of custody

A domestic, publicly traded, online retailer that sells makeup would like to reduce the risks to the most sensitive type of data within the organization as well as the impact to compliance. A risk analyst is performing an assessment of the collection and processing of data used within business processes. Which of the following types of data pose the GREATEST risk? (Choose two.)
- A. Financial data from transactions
- B. Shareholder meeting minutes
- C. Data of possible European customers
- D. Customers’ shipping addresses
- E. Deidentified purchasing habits
- F. Consumer product purchasing trends

A security engineer is creating a single CSR for the following web server hostnames:
• wwwint.internal
• www.company.com
• home.internal
• www.internal
Which of the following would meet the requirement?
- A. SAN
- B. CN
- C. CA
- D. CRL
- E. Issuer

A managed security provider (MSP) is engaging with a customer who is working through a complete digital transformation. Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience. The current architecture includes:
• Directory servers
• Web servers
• Database servers
• Load balancers
• Cloud-native VPN concentrator
• Remote access server
The MSP must secure this environment similarly to the infrastructure on premises. Which of the following should the MSP put in place to BEST meet this objective? (Choose three.)
- A. Content delivery network
- B. Virtual next-generation firewall
- C. Web application firewall
- D. Software-defined WAN
- E. External vulnerability scans
- F. Containers

A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to BEST provide the information needed to determine the security posture for a risk decision? (Choose two.)
- A. Password cracker
- B. SCAP scanner
- C. Network traffic analyzer
- D. Vulnerability scanner
- E. Port scanner
- F. Protocol analyzer

An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization’s new email system provide?
- A. DLP
- B. Encryption
- C. E-discovery
- D. Privacy-level agreements

A security engineer based in Iceland works in an environment requiring an on-premises and cloud-based storage solution. The solution should take into consideration the following:
1. The company has sensitive data.
2. The company has proprietary data.
3. The company has its headquarters in Iceland, and the data must always reside in that country.
Which cloud deployment model should be used?
- A. Hybrid cloud
- B. Community cloud
- C. Public cloud
- D. Private cloud

When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belongs to the client?
- A. Data
- B. Storage
- C. Physical security
- D. Network

Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Choose two.)
- A. Proxy
- B. Tunneling
- C. VDI
- D. MDM
- E. RDP
- F. MAC address randomization

An organization does not have visibility into when company-owned assets are off network or not connected via a VPN. The lack of visibility prevents the organization from meeting security and operational objectives. Which of the following cloud-hosted solutions should the organization implement to help mitigate the risk?
- A. Antivirus
- B. UEBA
- C. EDR
- D. HIDS